It was discovered that Amarok did not correctly handle certain malformedtags in Audible Audio (.aa) files. If a user were tricked into opening acrafted Audible Audio file, an attacker could execute arbitrary code withthe privileges of the user invoking the program.

Solution:The problem can be corrected by upgrading your system to thefollowing package versions:

Ubuntu 7.10: amarok 2:1.4.7-0ubuntu3.2

Ubuntu 8.04 LTS: amarok 2:1.4.9.1-0ubuntu3.2

Ubuntu 8.10: amarok 2:1.4.10-0ubuntu3.1

In general, a standard system upgrade is sufficient to effect thenecessary changes.